Understanding AppArmor profile installation

If you are operating in a self-deployed Ubuntu environment and using the AppArmor mandatory access control system, the AppArmor profiles associated with packages you install on the base system might be blocked by the corresponding packages installed with StorageGRID Webscale.

By default, AppArmor profiles are installed for packages that you install on the base operating system. When you run these packages from the StorageGRID Webscale system container, the AppArmor profiles are blocked. The DHCP, MySQL, NTP, and tcdump base packages conflict with AppArmor, and other base packages might also conflict.

You have two choices for handling AppArmor profiles:

Disable individual profiles for the packages installed on the base system that overlap with the packages in the StorageGRID Webscale system container. When you disable individual profiles, an entry appears in the StorageGRID Webscale log files indicating that AppArmor is enabled.